electronic signatures medical records
DESCRIPTION
Healthcare organizations are increasingly relying on digital signatures (standard electronic signatures) for medical records as a way to improve patient safety, workflow inefficiencies, and cost concerns. Medical records digital signatures are a simple, effective means for recording and storing signatures while ensuring critical document authenticity and integrity.ARX Algorithmic Research Ltd.http://www.arx.com/TRANSCRIPT
1 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
Digital/Electronic
Signatures for Medical
Records
May 2008
2 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
Table of Contents
Introduction _________________________________________________________________ 3
Handwritten Signatures (Wet Ink) ________________________________________________ 3
Digital Signatures for Medical Records - Overcoming Barriers to Efficient Healthcare ________ 3
Computer Code Signatures _____________________________________________________ 5
Signature Requirements for Healthcare Applications __________________________________ 5
Comparing Different Electronic Signature Methods ___________________________________ 6
Digital Signatures – The Best Practice Method for Sealing & Authenticating Electronic Documents
___________________________________________________________________________ 7
The Power of CoSign® _________________________________________________________ 7
CoSign Delivers ______________________________________________________________ 8
About ARX __________________________________________________________________ 8
3 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
Applications
Patient Signatures -
» Consents
» Discharge Instructions
» Advance Directives
» Administrative Requests
Physician Signatures -
» Patient Orders
» Medical Records
» Medicare Certifications
» Business Agreements
» Business Correspondence
Employee Signatures -
» Patient Documentation
» Business Agreements
» General Acknowledgements
» HR Enrollments
Corporate Signatures -
» E-Transactions
» E-Acknowledgements
» E-Confirmations
Introduction Healthcare organizations are increasingly relying on digital signatures (standard electronic
signatures) for medical records as a way to improve patient safety, workflow inefficiencies,
and cost concerns. Medical records digital signatures are a simple, effective means for
recording and storing signatures while ensuring critical document authenticity and integrity.
Handwritten Signatures (Wet Ink)
A signature is a well accepted method for approving information and demonstrating its
authenticity. Unsigned documents signal the process is incomplete or unauthorized. Where
agreement or consent is required, an unsigned document indicates it has not been given.
Signatures on paper documents are simple to understand and
execute. The signer is presented with a document, and if the
content is complete, accurate and acceptable, they sign the
document. Once signed, the document can be copied, routed to
other parties, and stored in multiple locations. If additional
original copies are needed, a notarized copy will usually suffice.
Digital Signatures for Medical
Records - Overcoming
Barriers to Efficient
Healthcare
Healthcare organizations collect thousands of signatures a day.
Whatever means is used to replace an organization's paper-
based signatures, it must be simple-to-use and easy to
understand. That is why the prevailing trend for electronic
signatures is the use of a graphical image of the signature
and/or digital signatures.
Although electronic and digital signatures sound similar, the two
signature methods are very different and serve different
purposes. A graphical image of the signature (graphical
signatures) is an identical image of a person’s handwritten
signature. Graphical signatures have the advantage of being
easy to capture, using any number of commercially available
signature pads. Graphical signatures are useful for many of the
patient signatures that must be collected for informed consent,
authorizations, admission enrollments, discharge instructions,
healthcare directives and generally, any other type of electronic
form.
A graphical signature is a simple computer file that can be easily
cut and pasted into a number of documents and forms. This
means it can be added to a document without the author's
approval or knowledge. These signatures can create a risk that
4 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
the signature will be found invalid. As it relates to the healthcare industry, an invalid signature
can have significant negative consequences. So while graphical signatures may seem to be a
simple signing solution, they have significant inherent drawbacks.
Digital signatures are commonly used to lock and seal the contents of a document. Digital
signatures (sometimes referred to as advanced or secure electronic signatures) take the concept
of the traditional paper-based signature into the digital realm, by adding a digital "fingerprint"
as a signature to a document. This "fingerprint" is unique to both the document and the signer.
The properties of a digital signature are quite simple. A digital signature has the ability to
uniquely bind the signer to the document's contents, ensuring data integrity and non-
repudiation of the electronic transaction. Depending on the solution, any changes made to the
document after it was signed are clearly indicated and invalidate the signature, thereby
protecting against forgery.
When patients' signatures are required, a concept similar to a witness signature can take place
with digital signatures. The patient signs the document using the signature pad to create a
graphical signature. The graphical signature is captured and pasted onto the document, then
the signed document is counter-signed by a physician, with the healthcare employee's digital
signature.
The advantage of this two step approach is the certainty that a document, once signed, has not
been changed. The document and patient's signature are fixed together and can not be
separated without detection. The resulting signed document is a single file that can be readily
stored electronically, copied, and distributed to others as needed for business purposes.
Properties of a Digital Signature
Digital signatures are commonly used to lock and seal the contents of a document. Digital
signatures (sometimes referred to as advanced or secure electronic signatures) take the concept
of the traditional paper-based signature into the digital realm, by adding a digital "fingerprint" as a signature to a document. This "fingerprint" is unique to both the document and the signer.
The properties of a digital signature are quite simple. A digital signature has the ability to
uniquely bind the signer to the document's contents, ensuring data integrity and non-
repudiation of the electronic transaction. Depending on the solution, any changes made to the
document after it was signed are clearly indicated and invalidate the signature, thereby protecting against forgery.
How can we achieve the simplicity of hand signed paper documents for information maintained?
When patients' signatures are required, a concept similar to a witness signature can take place.
The patient signs using the signature pad. The graphical signature is captured and pasted onto
the document, then the signed document is counter signed by a physician, with the latter’s digital signature.
The advantage of this two step approach is the high-degree of certainty that a document, once
signed, has not been changed. The document and patient's signature are fixed together and can
not be separated without detection. The resulting signed document is a single file that can be
readily stored digitally, copied, and distributed to others as needed for business purposes.
5 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
Computer Code Signatures
The early methods of electronic signatures were primarily designed to authenticate the
information maintained by a computer application. First used in the 1970s, these methods did
not actually create a signature. Instead, they required persons entering information to
authenticate their identities by entering an assigned code. The application would only store the
entered information if the user’s application ID matched the code number.
Signature by a computer code, as Medicare refers to this method, is only acceptable if the
person using the code signs a formal agreement called an attestation. An attestation provides
that the code will be interpreted as the individual's “electronic signature”, kept secret and not
used for any other purpose, or by anyone else. Most electronic medical records systems still use
the computer code method to authenticate electronic information.
Computer code signatures were reasonably acceptable for early electronic record systems;
however, they are not capable of meeting the requirements of modern healthcare business
needs. The major advantage of computer code signatures of the 1970’s has become their major
shortcoming today. Since there is no actual signature, the authentication of the electronic
information is strictly a function of how the application works and the security procedures used
by the application owner to ensure that the information has not been changed or deleted.
Effectively, this means that the information authenticity is not actually a function of the
computer code signature.
Signature Requirements for Healthcare
Applications
Today, health information is just as likely to be produced electronically as it is to be on paper.
This means that information authenticity is a critical business property to ensure healthcare
operations such as proper communication of patient information, physician orders, bills,
payments, and employment agreements are accurate. To meet these needs, signature
technologists have defined the following set of signature properties:
» Uniqueness – The property that ensures that an individual’s electronic signature can be
distinguished from that of any other person. Uniqueness is a core principle of any
signature. Without uniqueness, a signature has no meaning. Its uniqueness ensures
authorization, acceptance, or approval.
» Persistence - The property that allows signatures to be retrieved and verified at any time
in the future. Signature verification must be possible even after the original application has
been migrated through major system upgrades. Persistence is particularly important for
healthcare records that may have extensive retention periods. Retrospective billing audits,
peer review data, patient authorizations, and consents are highly dependent on persistence
authenticity.
» Transportability – The property that allows signatures to be communicated across
networks to third parties. This property is necessary in situations where the receiving
party has a requirement to validate a signature. For example, certain Medicare claims
require documentation of a signed certificate of necessity. Without transportability,
electronic documents can be created and communicated, but the signature does not travel
with the document.
6 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
» Independent Verifiability – This is the property that allows a signature to be verified by
the recipient independently without reference to an application maintained by another
party. This property is closely related to persistence and transportability. Without
independent verifiability, signatures communicated to third parties have little use or
meaning.
» Integrity - The property ensures that any modification made to the contents of the
document after it has been signed will cause the electronic signature to be invalid or
unverifiable. Like uniqueness, integrity is a core signature principle, without which a
signature is meaningless. Many signature disputes arise over the principle of integrity.
Signers do not disclaim their signature, rather they maintain the document or information
is different from that at the time they signed. Signature (or information) integrity is highly
dependent on technical controls and security procedures.
» Non-repudiation - The property that describes the ease with which a signer could falsely
disclaim responsibility for the signed information. Non-repudiation is not yet a high priority
for most healthcare signatures. This is because common practice describes when
signatures are required and business procedures are implemented to ensure that required
signatures are collected. However, as more healthcare operations become automated,
signatures will become a critical component of managing workflow and authenticating
procedures.
Comparing Different Electronic Signature
Methods
Trad it iona l Computer Code S ignatures
Graphica l S ignatures
D ig ita l S ignatures
Signature Uses Medical records Patient or employee
forms
Witness or counter signatures Integrity authentication Transactions Email Web applications
Signature Propert ies
Uniqueness Uniqueness Persistence Transportability
Uniqueness Persistence Transportability Independent Verifiability Integrity Non-repudiation
Advantages Traditional method Accepted for
physician signatures
Becoming a standard consumer method
Low cost signature pads Good for where
signature is backed by credit card or other authorizing method.
Becoming the preferred method for e-transactions, corporate signature uses, legal documents, and integrity authentication
Works for all kinds of signature applications
Supports all signature properties
Disadvantages
Costly to administer Subject to code
sharing No integrity
properties Cannot be used
outside of an application
Does not standardize
Signature is not fixed to
information or document
Signature can be cut and pasted into any document
Early products were expensive and costly to administer
Resistance by application vendors to migrate away from computer code signatures
7 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
“Digital signature
technology generally
surpasses paper in
meeting the attributes
necessary to
authenticate a legal
transaction.”
- ABA Digital Signature
Guidelines Tutorial
The innovative way to
digitally sign electronic
transactions, documents,
and forms just as you would on paper.
Digital Signatures – The Best Practice
Method for Sealing & Authenticating
Electronic Documents
Digital signatures are well recognized as the preferred method
of sealing and authenticating electronic documents. That is
because they provide all the signature characteristics that a
healthcare organization needs to replace its dependence on
paper and handwritten signatures. The value and benefits of
digital signatures are promoted by a number of influential
organizations.
The American Bar Association endorses digital signatures and
has published a comprehensive set of guidelines for
authenticating documents using digital signatures. The federal
government has standardized its use of digital signatures and now requires them for many types
of electronic transactions. The Drug Enforcement Agency (DEA) has just released its draft
regulations requiring the use of digital signatures for authenticating electronic prescriptions.
The Veteran’s Health Administration utilizes digital signatures for integrity control over patient
consents and forms. Standards for using digital signatures for healthcare purposes are already
being published. There is an ASTM standard for using digital signatures to authenticate medical
records and a DICOM standard under development for digitally signing radiological images.
The Power of CoSign®
CoSign is a simple-to-use and quick-to-deploy digital
signature solution from ARX. CoSign delivers an innovative
solution for digitally signing documents, files, forms, and
transactions. CoSign is designed to “sit” on the corporate
network and operate as a signature service. This means
that all the advanced technology is hidden from users.
Whenever a signature is required, the user simply clicks the
sign icon. The data file, document, or form is sent to CoSign which identifies the individual’s
signing key, adds the signer's graphical signatures, digitally signs the information, and returns it
back to the individual.
CoSign eliminates the overhead expenses typical with other digital signature solutions due to its
unique centralized approach for generating, storing, and managing private keys, its built-in
integration with the organization's existing User-Management-System, and wide 3rd party
application support. CoSign also supports high availability and high-volume batch signing
offerings.
8 ARX 855 Folsom St. Suite 939 San Francisco, CA
www.arx.com (415) 839 8161 [email protected]
Whether you are concerned
about patient privacy,
electronic digital signature
capture, legal electronic
documents, document scanning,
improved scheduling, patient
recall, HIPAA compliance,
insurance audits, risk
management, or security,
CoSign offers an affordable and
easy to use solution for you.
CoSign Delivers
» Sealed Documents – CoSign locks documents and data
against any changes including forging attacks, while
maintaining "business as usual" processes. Any changes
made to a document are clearly indicated and invalidate
the signature, thereby protecting against forgery.
» Standardized Signature Method – CoSign uses industry
standard digital signatures, based on Public Key
Infrastructure (PKI) technology, for signing and validating
signatures. Using these standards allows receiving parties
to validate signatures without requiring additional
software installation (in supporting applications).
» Smartcard-Free Solution – CoSign eliminates the need and costs associated with
Smartcards.
» Quick ROI – CoSign simplifies signature procedures and improves user satisfaction.
» Automate & Expedite Processes – CoSign accelerates your transition to electronic records.
As a result, it also increases employee efficiency and enhances patient service.
About ARX
ARX has over 20 years of experience assisting life sciences, healthcare, governmental,
engineering, banking, financial services organizations and commercial sectors to secure and
streamline their business processes and transactions. ARX offers a wide range of highly scalable
products designed to simplify, secure, and accelerate electronic business. For more information,
please visit www.arx.com